Facebook owner Meta expected to be hit with record privacy breach fine
Meta is expected to face a record fine later over its transfer of Facebook’s European user data to US servers, according to reports.
Reuters news agency cited two anonymous sources familiar with the matter as saying that the penalty from EU regulators will be higher than the previous record – a €746m (£647m) fine for Amazon over its flouting of EU privacy standards.
The regulators, led by Ireland’s Data Protection Commission (DPC), are expected to publish a ruling on Monday morning, which is likely to order that Facebook stop using “complex legal instruments” to move EU data to the US.
Concerns have been raised over these trans-Atlantic data flows because they could leave Europeans exposed to the US’s weaker privacy laws.
Last year, Facebook threatened to suspend its services in Europe if it was banned from using its mechanism for transferring the data.
Late in April, Meta released its first-quarter financial results, acknowledging that a decision was due from the Irish Data Protection Commission in May.
It added: “Our ongoing consultations with policymakers on both sides of the Atlantic continue to indicate that the proposed new EU-US Data Privacy Framework will be fully implemented before the deadline for suspension of such transfers, but we cannot exclude the possibility that it will not be completed in time.
“We will also evaluate whether and to what extent the IDPC decision could otherwise impact our data processing operations even after a new data privacy framework is in force.”
In January, the California-based business was hit with a €390m (£338m) fine by Ireland’s DPC for forcing users to agree to personalised adverts, a breach of EU privacy rules.
As well as the fine, Meta was also banned from forcing users to sign up to such ads.
The promotions are based on someone’s online activity, allowing advertisers to target those likely to be interested in their products and services.
Ireland’s DPC also previously fined WhatsApp, another Meta-owned business, for breaching stringent regulations in relating to the transparency of data shared with its other subsidiaries.